There’s a website attack every 39 seconds, affecting one in three Americans every year.
But if you’re not protecting the information being passed through your website, you could be skyrocketing the chances of a cyber attack happening to your site, your website dropping down Google’s ranks—and sacrificing your customers’ data.
(Which, as you’ve probably guessed, is a huge GDPR issue.)
Preventing that security catastrophe starts with learning the difference between HTTP and HTTPS: A type of website certification that impacts how a website collects, stores and uses visitor data.
In this guide, we’re sharing the answer, and listing how you can use security certificates and encrypted connections to boost your SEO.
What is HTTP?
Simply put, HTTP (HyperText Transfer Protocol) is what makes the internet work.
A variation of the protocol is needed to access any website—hence why website URLs usually start with “http://www…”—and works by sending a command to a website server to fetch the webpage your URL corresponds to.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) works in the same way as standard HTTP.
The only difference? All of the data sent through a webpage using HTTPS has an additional layer of security. This is called a Transport Layer Security (TLS) protocol, and protects any third-parties from eavesdropping on any type of data being passed through the secure website.
HTTPS gives websites extra protection because the data being submitted to and from the server is encrypted—meaning nobody has the ability to steal, hack or view private data.
Plus, data being passed through HTTPS sites can’t be changed or corrupted.
You can check whether your website has HTTPS protection by viewing the URL in your browser. If there’s a green padlock before your domain name, your site is secure:
(Your customers check this, too: 28% of internet users look for the green address bar.)
In order to make your website run on HTTPS, you’ll need a Security Sockets Layer (SSL) certificate. This certificate, originally developed by Netscape, is what encrypts the site’s data and proves to website visitors that you’re a secure website.
SSL as a Google ranking factor
WhyNoHTTPS found many of the top 100 websites still don’t load securely—including Baidu, ESPN, and MyShopify.
Does that make HTTPS completely irrelevant for SEO?
Not necessarily. In fact, those websites are an anomaly.
Google’s team have expressed the need for HTTPS time and time again. So much so, they’ve released an algorithm update based around it—causing sites without HTTPS security to struggle on their quest to rank highly in the SERPs.
“Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
It seems they’re taking their own advice. Over 90% of sites owned by Google—including Google News, YouTube, and content promoted through their Google Ads network—send encrypted traffic:
…But Google have said they’re working hard to make this figure closer to 100%.
4 Key SEO Benefits of Using HTTPS
These days, there’s more to SEO than HTTPS certificates.
It’s unlikely that a switch from HTTP to HTTPS will skyrocket your rankings to page one. It takes an entire strategy—including on-page SEO, acquiring backlinks, and creating SEO content —to see SEO success.
However, there’s no doubting that making the switch has SEO benefits. Those include:
1. It Gives Better User Experience
It’ll come as no surprise to hear that user experience (UX) is a huge part of SEO.
If people are landing on your website through organic search and you’re greeting them with flashing text, bouncing icons and countless pop-up ads, they aren’t going to stick around. Chances are, they’ll be mad that Google pointed them there.
Google don’t want that reputation, which is why UX forms a huge part of SEO strategies.
Unsecure sites without a HTTPS certificate don’t fit the “high-quality, trustworthy and reliable” criteria that Google set for sites to achieve high rankings.
In fact, Google are so against insecure sites that a recent Chrome latest update now tells users when they’re visiting a site without a HTTPS certificate, labelling the unencrypted website as “Not Secure”:
Seeing that warning sign would give you a fright, right?
You’d think twice about continuing to the website after knowing your data is at-risk, which isn’t going to lead to great user experience—nor high rankings.
2. Secure Websites Can Increase Dwell Time
Dwell time is an important factor for SEO. It’s determined by the amount of time a searcher spends on your website before clicking back to the SERPs, which tells Google how accurate your result was for their query.
Websites without HTTPS could be sabotaging their own dwell time.
The content you’re sharing could be the perfect fit for your searcher. But if they’re being faced with an ugly “Not Secure” message, you won’t have the chance to show them your awesome content.
They’ll simply head back to their SERPs, and contribute to a low dwell time.
Google’s spiders will then view your site as low-quality, or totally irrelevant to that search term, and your URL will drop down the ranks—even if your content is top-notch.
3. Sites with HTTPS Load Faster
When you click a link and land on a website, how long do you wait for the content to load before your patience runs out?
Research by Incapsula found that 55% of people are willing to wait a maximum of five seconds. Combine that with the 7% of people who expect a page to load immediately, and you’ll see why site speed is a critical ranking factor.
(Remember: Google want to point searchers in the direction of sites that are fast, reliable, and trustworthy.)
There’s such a huge importance on site speed that Google rolled out a “speed update”, impacting how mobile SERPs would be produced. Their announcement said:
“People want to be able to find answers to their questions as fast as possible — studies show that people really care about the speed of a page. Although speed has been used in ranking for some time, that signal was focused on desktop searches. Today we’re announcing that starting in July 2018, page speed will be a ranking factor for mobile searches.”
Using HTTPS gives you an SEO advantage because websites using HTTP are 824% slower than HTTPS:
Granted, you can use techniques like compressing files, optimizing images, or reducing redirects to boost your website speed.
But using HTTPS is a quick win that could see huge returns from one change.
4. HTTPS Leads to Accurate SEO Reporting
You’ll need to regularly check-in and audit your SEO results to find out what’s helping your rankings, what isn’t, and tweak your strategy accordingly.
That’s the tried-and-tested process of any marketing campaign, right?
It’s not an easy task though; SEO is notoriously difficult to report on. But switching to HTTPS can help.
That’s because referral information is stripped when a site isn’t secure. Traffic sources aren’t named on sites with HTTP, meaning you’ll see a bunch of visitors who’ve come from “direct” source—when in reality, they’ve probably been referred from social media, organic search, or paid ads.
Secure websites using HTTPS, on the other hand, protect (and show) this referral information in your analytics dashboard. You’ll be able to clearly pinpoint the best sources of traffic to your website, making reporting more accurate.
You can therefore tweak your SEO strategy based on reliable referral traffic information.
How to Migrate to HTTPS Without Losing Your Traffic
Are you ready to take advantage of the SEO benefits that HTTPS provides?
Unfortunately, migrating from HTTP to HTTPS isn’t as simple as contacting your website host to change your URL. The switch means the links you’ve built to your old domain are no longer working—hence why many site owners worry about losing their organic traffic during the migration.
Here’s how you can make the switch without that happening.
1. Install an SSL certificate
Ready to start protecting the data being passed through your website, and experience the SEO benefits of HTTPS?
You’ll need to install an SSL certificate.
Platforms such as WP Engine have SSL certificates available as add-ons if you’re already using them for your website hosting. You might need to pay extra for this, but don’t treat SSL certificates as an unnecessary expense that you can avoid.
Google are actively rewarding secure websites with higher rankings, and 85% of internet users avoid shopping on unsecure websites—meaning the SEO benefits you’ll get in return will outweigh (small) cost of installation.
Alternatively, you could also use a free service like:
Once you’ve got the SSL certificate for your domain, you’ll need to install it on your website.
You can either use a WordPress plugin like Really Simple SSL to do this (which will automatically detect your new SSL certificate), or ask your hosting provider to activate the certificate on your website.
Once you’ve enabled the SSL certificate for your domain, it’s time to set the HTTPS version as the default URL for your website.
Sign into your WordPress dashboard, click Settings, and make sure your WordPress and Site URL include the HTTPS prefix:
(The Really Simple SSL plugin might do this for you automatically, but it’s worth double-checking.)
2. Automatically redirect HTTP to HTTPS
Your old HTTP URL is no longer in use, but people still might land on the unsecure version. So, as soon as you’ve changed your default URL, you’ll need to automatically 301 redirect people landing on the old URL to the new one.
For example: If someone visits https://gotchseo.com, a redirect would automatically send them to the secure version at https://gotchseo.com.
The hosting provider you’re using will likely make this redirect once they’ve installed your SSL certificate. But if you’re installing SSL manually, follow this guide to redirect HTTP to HTTPS, depending on your server.
3. Add the new URL to Search Console
You probably already know that Google Search Console is the primary way Google will communicate with you about your website. Not only that, but it contains tons of valuable data that SEOs can use to understand (and improve) their rankings.
That’s why when you’re migrating to HTTPS, you’ll need to add the new URL to Google Search Console as a new “property”:
When you get to this stage, take special care to include the URL exactly as you see it in your web browser—including the https://www. prefix.
You’ll then see two properties in your Google Search Console account: The HTTP and HTTPS versions of your website.
(Bare in mind it might take a while for Google to crawl the new version, but from now on, your website SEO data will be found in the HTTPS account.)
4. Find and replace external backlinks
You’ve automatically redirected your website from HTTP to HTTPS, and Google has started to crawl the new version of your website.
What happens next?
The answer lies within backlinks: Arguably the most important factor of any SEO strategy, because external links prove to Google that your website is trustworthy.
…But the backlinks you’ve previously built point to the unsecure version of your domain. And even if you’ve redirected your old URL to the new HTTPS domain, you’ll still need to check (and replace) external backlinks pointing to the HTTP version.
For every link you find on an external website, check to see whether you’re automatically redirected from the HTTP to HTTPS version of your website. If you’re not, don’t panic.
Simply install the Redirection plugin for WordPress and create the link yourself.
Redirecting these backlinks makes sure you’re not losing any link juice.
Since the backlink leads people to the secure version of your website instead of the unsecure HTTP version (or worse, a 404 error page), Google will crawl the backlinks—and take them into consideration when determining your rankings.
5. Scan for crawl errors
Now you’ve checked that your site’s external backlinks are in check, let’s confirm you’re not losing any SEO value with the internal links littered around your website.
Sign into your Google Search Console account and head to the Coverage report.
Here, you’ll find broken internal links that Google doesn’t recognize, and that you’ll need to redirect to the secure page:
Redirect broken internal links to the same page on the HTTPS version of your website.
This works similar to external links in the fact that Google can now crawl your site, and understand what it should rank for, without dead ends blocking their tracks.
Are you convinced to make the switch from HTTP to HTTPS?
Follow this guide and you’ll make the migration easy—without losing your organic traffic in the process.
Not only are you protecting your blog, business or entire website from a website attack, but installing SSL certificates and encrypting data is bound to support your SEO strategy.